Cloud Computing: Best And Worst News Of 2012

What were the key developments for enterprise cloud computing this year? Let's look at four big wins -- and three setbacks.

8 Cloud Tools For Road Warriors

(click image for larger view and for slideshow)

With KPMG predicting a doubling of cloud services revenue over the next two years, it's a good time to point out where cloud computing has gained strength over the past year in capabilities and services. At the same time, we should look at the cloud's weaknesses, as a cautionary tale for those IT teams whom KPMG says are about to migrate production applications to the cloud.

Here are the top seven developments we saw in public cloud computing in 2012: The three biggest setbacks, and the four biggest wins. We'll start with the setbacks.

Setback #1: Outages Plague Amazon And Others.

When you're trying to convince big companies to bet their business on cloud operations, the worst thing that can happen is for the cloud infrastructure you're thinking of using to suffer an unplanned outage. Amazon Web Services didn't have an outage in 2012 that rivaled the hit it took over the Easter weekend in April 2011, when multi-availability zones in one of its data centers went down. However, Amazon was nevertheless buffeted at its big East Coast complex by service outages on June 14 and June 29, due to power outages.

The June 29 outage came after the region suffered a series of violent electrical storms, and the outages were contained to one availability zone inside the data center. Amazon didn't say why the battery and generator backup systems of a supposedly highly available cloud didn't keep services running. The outage only disrupted important customers for a few minutes, but they were some of Amazon's most prominent customers, including Salesforce.com's developer cloud Heroku, Netflix, and social networking firms Instagram and Pinterest. On Oct. 22, Amazon suffered an outage of its Elastic Block Storage service for a few hours, making it impossible for some companies to update their websites or retrieve data, even though the sites remained on display.

None of these incidents was a crippling event for Amazon customers or for Amazon's cloud infrastructure business. A few customers likely dropped the service, as WhatsYourPrice did after the online dating service got a flood of complaints during the two-hour June 29 outage. However, the ongoing problem of outages gives cloud skeptics ammunition against moving essential applications there, even as the likes of Amazon, Google, Rackspace and Microsoft win the debate around other performance factors, such as load balancing and database services.

The periodic outages suggest just what a complex beast infrastructure-as-a-service (IaaS) is. Its supposedly redundant, resilient architecture keeps coming up with unanticipated ways of crapping out during predictable events, or from the occasional human error. Cloud providers do have a better track record for uptime than the average enterprise data center, but cloud architects still have their work cut out for them to reduce the odds of high-profile outages that hurt customers and damage the public cloud's reputation.

Setback #2: Virtual Machine Snooping Threat Gets More Real.

It's still only a theory, but a researcher this year published a disturbing example of one virtual machine spying on another on the same physical server. The possibility of such a risk torments virtual server users, who thus far had been coached that the parameters of virtual machines are hard boundaries that couldn't be breached. Cloud computing relies heavily on the multi-tenant, virtual server host, where one physical server is used by multiple companies and customers.

It's important to note that no known breaches using this technique have occurred in the wild. The researchers at the University of North Carolina, University of Wisconsin and the RSA unit of EMC said it was difficult to execute such an attack even in a lab setting.

Charles is dead-on with setback #3 (Gǣpricing is still a messGǥ). There are, of course, ways to get rapid fixed-price, fixed-schedule cloud deployments, as this SAP video shows: http://bit.ly/SWnnp4. About me: http://bit.ly/UoILDg.

While the security worries get more press, the almost-impossible-to-compare pricing issue is just as painful for IT managers day to day, although Amazon is starting to take positive steps. I wonder how long it will take to get to more apples-to-apples comparisons. The situation works in the vendor's favor right now, not in IT's.

Charles, did you included only cloud infrastructure analysis by design? Or have you also converted to the mad rush which calls only IaaS as cloud and others as SaaS, PaaS, etc? In fact each of these SaaS PaaS IaaS are part of cloud metaphor and you should have touched upon at least all of these cloud layers. None the less a pretty good read.

Cloud reliability (or lack thereof) and cost are well-known issues, but the threat of VM snooping, a.k.a. side vector attack, is less well understood and in some respects more worrisome. So far, it seems to be a theoretical threat, but research now shows it can be done, and when there's a will, there's a way. The researcher concludes that "highly sensitive workloads should not be placed in a public cloud." Let's see how long it is before some company pays the price for failing to heed that warning.

Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.